Hi dear reader, there are very few technical network security assessment checklist. So I thought to share my own on this. Have a look and enjoy. Lets talk about the scope first. If you are given a 1000 machines to perform VAPT, then here is your scope. Single machine can have 65535 ports open. Any single port can deploy any service software from the world. For example FTP can be run on smartftp, pureftpd etc.. Any single FTP software version (for example pureftpd 1.0.22) can have number of vulnerabilities available. So if you multiply all of these, then it is impossible for any auditor to go ahead and probe all ports manually and find services manually. Even if he/she is able to do it, it is impossible to check all vulnerabilities that are pertaining to a single port of a single machine. Hence we have to rely on scanners such as nexpose, nessus, openvas, coreimpact etc. Here are some quick tools and test cases that one can perform on commonly found ports in the network pentest.
anonsharzzk
/ cordova-enable-webview-debug.js
Created
January 23, 2022 17:48
— forked from n1sh1th/cordova-enable-webview-debug.js
Cordova - Enable Webview Debugging
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Usage : frida -U -f bundle_id -l cordova-enable-webview-debug.js --no-pause | |
| Java.perform(function() { | |
| var Webview = Java.use("android.webkit.WebView") | |
| Webview.loadUrl.overload("java.lang.String").implementation = function(url) { | |
| console.log("[+]Loading URL from", url); | |
| this.setWebContentsDebuggingEnabled(true); | |
| this.loadUrl.overload("java.lang.String").call(this, url); | |
| } | |
| }); |
anonsharzzk
/ NetSecCheck.md
Created
October 16, 2021 09:47
— forked from MrMugiwara/NetSecCheck.md
Network Security VAPT Checklist
anonsharzzk
/ resources.md
Created
September 15, 2021 18:19
— forked from muff-in/resources.md
A curated list of Assembly Language / Reversing / Malware Analysis / Game Hacking-resources
anonsharzzk
/ ransomwarefeed.csv
Created
August 20, 2021 07:32
— forked from teixeira0xfffff/ransomwarefeed.csv
Ransomware Feeds
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Ransomware Name | URL | Status | |
|---|---|---|---|
| AVADDON | http://avaddongun7rngel.onion/ | Online | |
| SODINOKIBI (REVIL) | http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/ | Online | |
| NEFILIM | http://hxt254aygrsziejn.onion/ | Online | |
| VFOKX (1) | http://vfokxcdzjbpehgit223vzdzwte47l3zcqtafj34qrr26htjo4uf3obid.onion/ | Online | |
| VFOKX (2) | http://746pbrxl7acvrlhzshosye3b3udk4plurpxt2pp27pojfhkkaooqiiqd.onion/ | Online | |
| MARKETO (deep) | https://marketo.cloud/ | Online | |
| MARKETO (dark) | http://g5sbltooh2okkcb2.onion/ | Online | |
| LORENZ | http://lorenzmlwpzgxq736jzseuterytjueszsvznuibanxomlpkyxk6ksoyd.onion/ | Online | |
| CONTI/RYUK | http://continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion/ | Online |